显示“无法满足请求502错误"的云前端.尝试连接到ec2时 [英] cloudfront showing "The request could not be satisfied 502 error" when trying to connect to ec2
问题描述
我正在尝试将CloudFront指向我的ec2计算机.
I am trying to point CloudFront for my ec2 machine.
在来源下,我给出了ec2的公共DNS名称:(例如ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com)"
under origin, I am giving the public DNS name of the ec2 :(e.g. ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com)"
但是我收到此错误:
我已经打开了443端口,并且在我的ec2上也已打开.
I have opened 443 port also open on my ec2.
如何解决此错误?
推荐答案
基于聊天讨论.
实例上的应用程序通过 HTTP和端口80 运行.它本身不服务器HTTPS通信.因此,如果要将当前设置与CF一起使用,则需要允许端口80(非443),并且在CF中使用HTTP作为原始协议(而非HTTPS).运作方式是HTTPS和SSL仅位于客户端和CF之间,而不位于CF和您的实例之间:
The application on the instance works over HTTP and port 80. It does not server HTTPS traffic in itself. So if you want to use the current setup with CF, you need to allow port 80 (not 443) and in CF using HTTP for origin protocol (not HTTPS). The way this works is that HTTPS and SSL will be only between client and CF, not between CF and your instance:
client----(HTTPS:443)--->CF----(HTTP:80)---->EC2 instance
如您在上面看到的,存在一个安全问题.CF和您的实例之间的所有流量都将通过互联网上的痛苦文字.要解决此问题,您需要将HTTPS添加到您的实例.有两种方式:
As you can see above, there is a security issue. All traffic between CF and your instance will be in pain text over the internet. To rectify this, you need to add HTTPS to your instance. There are two ways for that:
- 在实例的前面
- 添加负载均衡器,并使用来自ACM和HTTPS侦听器的SSL在其上部署自定义域.因此流量将是:
- Add load balancer in-front of your instance, and deploy custom domain on it with SSL from ACM and HTTPS listener. So the traffic will be:
client----(HTTPS:443)--->CF----(HTTPS:443)---->ALB---(private HTTP:80)--->EC2 instance
- 直接在您的实例上设置SSL.为此,您不能使用ACM(除非您的实例为 https://letsencrypt.org/.然后,使用SSL证书设置Apache,以提供HTTPS流量.随后,您将拥有:
- Setup SSL on your instance directly. For this you can't use ACM (except when your instance is enclave). Instead, you have to use third-party SSL provider. Common choice is https://letsencrypt.org/. Then you setup your Apache with the SSL certificate to serve HTTPS traffic. Subsequently, you will have:
client----(HTTPS:443)--->CF----(HTTPS:443)---->EC2 instance
这篇关于显示“无法满足请求502错误"的云前端.尝试连接到ec2时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
